Security Basics mailing list archives
RE: information harvesting from within the network
From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Fri, 3 Jun 2005 12:59:00 -0400
Aside from establishing a trunk link directly from a machine to the switch, what other ways do you know of? Any properly configured switch should have all user ports be listed as access. I have heard rumors of double 802.1Q encapsulation attacks and STP root bridge hijacking to reroute the active switching path through a compromised machine, but I'd be interested to know if the community is aware of any other methods for attacking switches. I've always been interested in writing client-side trunk software. Any takers?

Z

-----Original Message-----
From: Andrew Shore [mailto:andrew.shore () holistecs com]
Sent: Monday, May 23, 2005 4:57 PM
To: Jason Lopez; ddjjembe 2
Cc: security-basics () securityfocus com
Subject: RE: information harvesting from within the network

VLANs are a management tool, not a security tool. There are many ways to "jump" VLANs within a switch.

Andy

-----Original Message-----
From: Jason Lopez [mailto:jaylpz () sbcglobal net]
Sent: 21 May 2005 03:32
To: 'ddjjembe 2'
Cc: security-basics () securityfocus com
Subject: RE: information harvesting from within the network

If you have any managed switches, you could put them on separate VLANs, and deny them access to your private network...

My two cents,
jay

-----Original Message-----
From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com]
Sent: Thursday, May 19, 2005 7:40 PM
To: security-basics () securityfocus com
Subject: information harvesting from within the network

Background: I work in a university that has university-typical security practices. Currently any authenticated user can scan the parts of the network with tools like LANguard or Nessus and obtain a considerable amount of information from them. Most of the computers in our network are Windows computers. We also have departments with Macs and *nix machines.

Goal: If possible, lock down the Windows computers with group policies and/or templates to disable this potential unauthorized information harvesting by users, and then restrict scanning ability to the security group with LDAP permissions. Am I on the right track here? I would like to achieve this without using a host-based firewall. Group policies have a large pool of settings to pick from. Narrowing it down to a few that disable at least portions would be appreciated.

Thanks,
ddjembe